Behavior Detection

Support

Support for business applications

Kaspersky Industrial CyberSecurity for Linux Nodes

Managing the application using Kaspersky Security Center Administration Console

Policy settings

Behavior Detection

February 8, 2024

ID 198117

By default, the Behavior Detection component starts when Kaspersky Industrial CyberSecurity for Linux Nodes starts and monitors malicious activity in the operating system. When malicious activity is detected, Kaspersky Industrial CyberSecurity for Linux Nodes can terminate the application process that is performing malicious activity.

Behavior Detection component settings

Setting	Description
Enable Behavior Detection	This check box enables or disables the Behavior Detection component. The check box is selected by default.
Behavior Detection component operating mode	The action that the application performs upon detecting malicious activity in the operating system: Block the application performing malicious activity. Kaspersky Industrial CyberSecurity for Linux Nodes terminates the application process and logs information about the detected malicious activity. Notify user (default value). Kaspersky Industrial CyberSecurity for Linux Nodes does not terminate the process performing malicious activity. It only records detection of malicious activity in the event log.
Use exclusions by process	This check box enables or disables exclusions by process in the operation of the Behavior Detection component. This check box is cleared by default. The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Setting

Description

Enable Behavior Detection

This check box enables or disables the Behavior Detection component.

The check box is selected by default.

Behavior Detection component operating mode

The action that the application performs upon detecting malicious activity in the operating system:

Block the application performing malicious activity. Kaspersky Industrial CyberSecurity for Linux Nodes terminates the application process and logs information about the detected malicious activity.
Notify user (default value). Kaspersky Industrial CyberSecurity for Linux Nodes does not terminate the process performing malicious activity. It only records detection of malicious activity in the event log.

Use exclusions by process

This check box enables or disables exclusions by process in the operation of the Behavior Detection component.

This check box is cleared by default.

The Configure button opens the Exclusions by process window. In this window, you can exclude the activity of processes.

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.